405a989805c1d1675dd83da151467242a0d6e53276d72787a1c98df943a07ac5

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
04-11-2023 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

shell.exe
Size

7.0MB
MD5

e84be1e9841f1348dd866996a5c395f8
SHA1

dec7409f99fedf53c181e192a4ceb82e592c73a5
SHA256

405a989805c1d1675dd83da151467242a0d6e53276d72787a1c98df943a07ac5
SHA512

b8ebdecad3964704f0c29dae446357e12c796913003499f72b59dc5d3ccb9ddd93789ffdd6c60365f7fd943331e8db7803d4e8045dc9788b548cb52cbff724d8
SSDEEP

196608:waSeWfL2Vmd6+DXLZy7YM30LzajMpQMr:3WfL2Vmd6m70GzajM2M

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

shell.exe

pid process

2440 shell.exe
2440 shell.exe
2440 shell.exe
2440 shell.exe
2440 shell.exe
2440 shell.exe
2440 shell.exe

pid	process
2440	shell.exe
2440	shell.exe
2440	shell.exe
2440	shell.exe
2440	shell.exe
2440	shell.exe
2440	shell.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

shell.exe

description	pid	process	target process
PID 2732 wrote to memory of 2440	2732	shell.exe	shell.exe
PID 2732 wrote to memory of 2440	2732	shell.exe	shell.exe
PID 2732 wrote to memory of 2440	2732	shell.exe	shell.exe

C:\Users\Admin\AppData\Local\Temp\shell.exe
"C:\Users\Admin\AppData\Local\Temp\shell.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2732

C:\Users\Admin\AppData\Local\Temp\shell.exe
"C:\Users\Admin\AppData\Local\Temp\shell.exe"
2⤵
- Loads dropped DLL
PID:2440

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27322\api-ms-win-core-file-l1-2-0.dll
Filesize
18KB

MD5
63f88fa59f6ced6ec5bc50b5407b1fc2

SHA1
9806cd443812e7939c4d95e3c583c2785ea165b1

SHA256
a179666b529fc407fd16be148f5f221fd7774773e80a94d747091aca7d390da4

SHA512
bef016e0cccb71ab6efd357bbcc3e4f03fe8cb1392e022689aee2048afa3f20192dd2b1496d763cdea81264c644bd30cd40c7976d95ebf27882ed434b74e03e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
5b99824d6509fe5b4f0dc09c3706e4b9

SHA1
d5b08505f9359be50f45449b7d46da42b00da7c7

SHA256
2771bf5156cdaf5dddc234254dc200064c2643ea2368807a965f5574153b4c08

SHA512
f5c604d95b056b71d801ac9b84d7127718cd9cfab8fffb7524c9c8a919e8a24e3b55d618931302c4be83560bc95871db6ecb9ec79fa254e235bee55d32036e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
5d32a3644d850032038b55546b6d6665

SHA1
faeeb777ce0af9716e0e534ba3846051e52e3ab6

SHA256
bc3972ea34c0df384e6b1196cdf88c805f7363949e7c92d5cf457fa5114d4512

SHA512
a14b10468159b67ff7af52f7c8248995d528341000718069734017a079278d0248d76b369dad8b1c20f0b4480ae55d9e5b48ded02a12a83a943def9a4cc3436d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
18KB

MD5
d4148c6bc8c9881eedfb64c87375f629

SHA1
485d36a00bdeb09dfc3cb87ed239b0f750d68f16

SHA256
6a8ac79a755982c408b86ac6876d0f861c96ad7b3ce203b8951d7d278b113f20

SHA512
67e75d666f9ec431049e01a883a9e96472b5489929d9a81fff7d1c8518b3980eb9a85c5f510c9daa2bd38e937cad307afbfa11d904b1c554444fd5b174d52a7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\api-ms-win-core-timezone-l1-1-0.dll
Filesize
18KB

MD5
75ab723020ac262b6b5669b9be0239c4

SHA1
fa6672eb6ca5f2ba3cd1764a98e1c8875d307866

SHA256
af9bb3ff8b02b16a5ad1897db329bb934d07dc081984044373f2d1ac03532907

SHA512
83b7ccb5c5f550178e72741fa4cdfea55b4c55fd0fca3947618089871872b824cf0e59da12ab342559e3a34d86d98d855064b651a3168c1cfc583d5d4a47308f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\python39.dll
Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\ucrtbase.dll
Filesize
969KB

MD5
60606071bf033275377fd66a2a7de09c

SHA1
2475cdfd25427be07b3662e99c185cc49df35c6e

SHA256
4eace6c996a2ed322bd43810db9fb64e20114682f4b71fcd4031215f803f5f47

SHA512
bf9fbe3d162388be71d866a818f0f583ffb479fa151e62125ff200d40902e6ab1e61822e85ca01c319a1304fd899390ecc7d9ba3b3b061eac84cd23d644b699e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27322\api-ms-win-core-file-l1-2-0.dll
Filesize
18KB

MD5
63f88fa59f6ced6ec5bc50b5407b1fc2

SHA1
9806cd443812e7939c4d95e3c583c2785ea165b1

SHA256
a179666b529fc407fd16be148f5f221fd7774773e80a94d747091aca7d390da4

SHA512
bef016e0cccb71ab6efd357bbcc3e4f03fe8cb1392e022689aee2048afa3f20192dd2b1496d763cdea81264c644bd30cd40c7976d95ebf27882ed434b74e03e9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27322\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
5b99824d6509fe5b4f0dc09c3706e4b9

SHA1
d5b08505f9359be50f45449b7d46da42b00da7c7

SHA256
2771bf5156cdaf5dddc234254dc200064c2643ea2368807a965f5574153b4c08

SHA512
f5c604d95b056b71d801ac9b84d7127718cd9cfab8fffb7524c9c8a919e8a24e3b55d618931302c4be83560bc95871db6ecb9ec79fa254e235bee55d32036e67

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27322\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
5d32a3644d850032038b55546b6d6665

SHA1
faeeb777ce0af9716e0e534ba3846051e52e3ab6

SHA256
bc3972ea34c0df384e6b1196cdf88c805f7363949e7c92d5cf457fa5114d4512

SHA512
a14b10468159b67ff7af52f7c8248995d528341000718069734017a079278d0248d76b369dad8b1c20f0b4480ae55d9e5b48ded02a12a83a943def9a4cc3436d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27322\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
18KB

MD5
d4148c6bc8c9881eedfb64c87375f629

SHA1
485d36a00bdeb09dfc3cb87ed239b0f750d68f16

SHA256
6a8ac79a755982c408b86ac6876d0f861c96ad7b3ce203b8951d7d278b113f20

SHA512
67e75d666f9ec431049e01a883a9e96472b5489929d9a81fff7d1c8518b3980eb9a85c5f510c9daa2bd38e937cad307afbfa11d904b1c554444fd5b174d52a7b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27322\api-ms-win-core-timezone-l1-1-0.dll
Filesize
18KB

MD5
75ab723020ac262b6b5669b9be0239c4

SHA1
fa6672eb6ca5f2ba3cd1764a98e1c8875d307866

SHA256
af9bb3ff8b02b16a5ad1897db329bb934d07dc081984044373f2d1ac03532907

SHA512
83b7ccb5c5f550178e72741fa4cdfea55b4c55fd0fca3947618089871872b824cf0e59da12ab342559e3a34d86d98d855064b651a3168c1cfc583d5d4a47308f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27322\python39.dll
Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27322\ucrtbase.dll
Filesize
969KB

MD5
60606071bf033275377fd66a2a7de09c

SHA1
2475cdfd25427be07b3662e99c185cc49df35c6e

SHA256
4eace6c996a2ed322bd43810db9fb64e20114682f4b71fcd4031215f803f5f47

SHA512
bf9fbe3d162388be71d866a818f0f583ffb479fa151e62125ff200d40902e6ab1e61822e85ca01c319a1304fd899390ecc7d9ba3b3b061eac84cd23d644b699e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads